February 14, 2017
Posted by on
The Privacy Amendment Bill for Data Breech Notification has passed.
Implements recommendations of the Parliamentary Joint Committee on Intelligence and Security’s Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 and the Australian Law Reform Commission’s report For Your Information: Australian Privacy Law and Practice by amending the Privacy Act 1988 to require agencies, organisations and certain other entities to provide notice to the Australian Information Commissioner and affected individuals of an eligible data breach.
What does it mean? Well practically it means that companies and organisations (including the government) who suffer a breech of information must notify the government, and therefore may as well tell the public too, in a certain time-frame. And that failing to do so suffers penalties. It encourages data security, privacy, literacy for cyber threats, and might also change the ways companies think about technical security and privacy more broadly.
Is it perfect? No. Is it better than hoping it does not happen, or trusting that companies might do the right thing anyway? Hell yes. Huzzah!